Notary Project website screenshot

Notary Project

The Notary Project is a CNCF incubating set of specifications and tools for signing and verifying container images and other OCI artifacts. It provides Notation, a CLI and library for signing artifacts stored in OCI-compliant registries. The project defines standards for signature formats, trust policies, and verification workflows to secure software supply chains.

4 APIs 0 Features
Cloud NativeContainer SecurityImage SigningIncubatingOCIVerification

APIs

Notary Project Signing Specification

The Notary Project specification defines the signature envelope format, trust store and trust policy for container image signing and verification. It supports multiple signature...

Notation CLI

Notation is the command-line tool that implements the Notary Project specifications for signing and verifying OCI artifacts stored in container registries. It supports signing w...

notation-go Library

notation-go is the official Go library for signing and verifying OCI artifacts using the Notary Project specifications. It provides the programmatic interface used by the Notati...

Notation Plugin Extensibility

The Notation plugin extensibility specification defines the interface that third-party plugins must implement to integrate with Notation for key management, signing, and verific...

Pricing Plans

Notary Plans Pricing

3 plans

PLANS

Rate Limits

Notary Rate Limits

5 limits

RATE LIMITS

FinOps

Notary Finops

FINOPS

Semantic Vocabularies

Notary Context

7 classes · 32 properties

JSON-LD

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
📰
Blog
Blog
💬
FAQ
FAQ
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
📄
ChangeLog
ChangeLog
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONLD
JSONLD

Sources

apis.yml Raw ↑
aid: notary
name: Notary Project
description: The Notary Project is a CNCF incubating set of specifications and tools for signing and verifying container images
  and other OCI artifacts. It provides Notation, a CLI and library for signing artifacts stored in OCI-compliant registries.
  The project defines standards for signature formats, trust policies, and verification workflows to secure software supply
  chains.
url: https://notaryproject.dev
image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
tags:
- Cloud Native
- Container Security
- Image Signing
- Incubating
- OCI
- Verification
created: '2026-03-16'
modified: '2026-04-28'
specificationVersion: '0.19'
type: Index
apis:
- aid: notary:notary-spec
  name: Notary Project Signing Specification
  description: The Notary Project specification defines the signature envelope format, trust store and trust policy for container
    image signing and verification. It supports multiple signature formats and integrates with OCI distribution registries
    for storing signatures alongside container images. The specification enables end-to-end supply chain security from build
    to deployment.
  humanURL: https://notaryproject.dev/docs/
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  properties:
  - type: Documentation
    url: https://notaryproject.dev/docs/
  - type: Reference
    url: https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md
  - type: GitHubRepository
    url: https://github.com/notaryproject/specifications
  - type: JSONSchema
    url: json-schema/notary-trust-policy-schema.json
  - type: JSONSchema
    url: json-schema/notary-signature-envelope-schema.json
  tags:
  - Signing
  - Specification
  - Verification
- aid: notary:notation-cli
  name: Notation CLI
  description: Notation is the command-line tool that implements the Notary Project specifications for signing and verifying
    OCI artifacts stored in container registries. It supports signing with certificates stored in trust stores, configuring
    trust policies for verification, and extends to third-party key management systems via a plugin model.
  humanURL: https://notaryproject.dev/docs/user-guides/installation/cli/
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  properties:
  - type: Documentation
    url: https://notaryproject.dev/docs/user-guides/installation/cli/
  - type: GettingStarted
    url: https://notaryproject.dev/docs/user-guides/installation/
  - type: Reference
    url: https://github.com/notaryproject/notation/blob/main/specs/notation-cli.md
  - type: GitHubRepository
    url: https://github.com/notaryproject/notation
  - type: ChangeLog
    url: https://github.com/notaryproject/notation/releases
  tags:
  - CLI
  - OCI
  - Signing
  - Verification
- aid: notary:notation-go
  name: notation-go Library
  description: notation-go is the official Go library for signing and verifying OCI artifacts using the Notary Project specifications.
    It provides the programmatic interface used by the Notation CLI and enables Go applications to integrate artifact signing
    and verification into their own workflows without invoking the CLI directly.
  humanURL: https://github.com/notaryproject/notation-go
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  properties:
  - type: Documentation
    url: https://pkg.go.dev/github.com/notaryproject/notation-go
  - type: GitHubRepository
    url: https://github.com/notaryproject/notation-go
  tags:
  - Client Library
  - Go
  - SDK
  - Signing
- aid: notary:notation-plugin-framework
  name: Notation Plugin Extensibility
  description: The Notation plugin extensibility specification defines the interface that third-party plugins must implement
    to integrate with Notation for key management, signing, and verification operations. Plugins allow Notation to work with
    hardware security modules, cloud key management services, and other external credential systems.
  humanURL: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  properties:
  - type: Documentation
    url: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md
  - type: Reference
    url: https://pkg.go.dev/github.com/notaryproject/notation-plugin-framework-go/plugin
  - type: GitHubRepository
    url: https://github.com/notaryproject/notation-go
  - type: JSONSchema
    url: json-schema/notary-plugin-schema.json
  - type: JSONSchema
    url: json-schema/notary-plugin-protocol-schema.json
  tags:
  - Extensibility
  - Key Management
  - Plugin
  - Signing
common:
- type: Website
  url: https://notaryproject.dev
- type: Documentation
  url: https://notaryproject.dev/docs/
- type: GettingStarted
  url: https://notaryproject.dev/docs/user-guides/installation/
- type: Blog
  url: https://notaryproject.dev/blog/
- type: FAQ
  url: https://notaryproject.dev/docs/faq/
- type: GitHubOrganization
  url: https://github.com/notaryproject
- type: GitHubRepository
  url: https://github.com/notaryproject/notation
- type: ChangeLog
  url: https://github.com/notaryproject/notation/releases
- type: JSONSchema
  url: json-schema/notary-trust-policy-schema.json
- type: JSONSchema
  url: json-schema/notary-plugin-schema.json
- type: JSONSchema
  url: json-schema/notary-plugin-protocol-schema.json
- type: JSONSchema
  url: json-schema/notary-signature-envelope-schema.json
- type: JSONLD
  url: json-ld/notary-context.jsonld
maintainers:
- FN: Kin Lane
  email: kin@apievangelist.com